Secure Socket Layer (SSL) Certificate Check is a simple and effective way to proactively monitor issues with the SSL certificate that you have installed on your web server. Dotcom-Monitor SSL Certificate checker allows you to set up automated monitoring of the certificate expiration date, authority, and validity including intermediate certificates, etc. You can also set a certificate expiration reminder to be notified about upcoming expiration in advance.
To start with SSL Certificate monitoring, first, provide the public hostname or IP address of your server in the Hostname field. For externally available sites, the hostname should be formatted as www.hostname.com. If the target is an IP address, it can be formatted as either an IPv4 or IPv6 address.
Then set the Time Validation threshold for the server response waiting time. If the timeout is reached the system will abort the monitoring session and return a timeout error. The timeout is set to 120 seconds by default.
Then select what SSL Certificate checks you want to run.
The following checks are available:
- Authority: verifies whether a certificate chain contains a root certificate that is trusted, or not trusted.
- Common Name (CN): validates that an address you navigate to matches the address certificate the address was signed to.
- Date: verifies the certificate expiration date.
- Revocation: validates that the certificate’s chain of trust doesn’t contain a revoked certificate.
- Usage: verifies a certificate chain for the improper use of an intermediate certificate.
- Expiration Reminder in Days: a reminder that notifies (as an error) about certificate expiration.
In addition, you can specify the version of TLS (1.0, 1.2, 1.3) to use for a check. Note that if a specific protocol version has been selected, we will not use other versions in the case when your server does not support the selected one.
Optionally, you can configure DNS connection settings that must be used to execute the SSL Certificate monitoring sessions.
The DNS Options feature allows users to choose how domain name server (DNS) requests are conducted during a monitoring task.
To specify the mode of resolving hostnames, in the DNS Resolve Mode section, select one of the available modes. For more details on the feature configuration, see DNS Mode Options.
The Custom DNS Hosts section allows to set up the mapping of IP addresses to hostnames. IPv6 and IPv4 DNS resolution is supported.
To specify the mapping, enter the IP address and the hostname in the corresponding fields.
See also: DNS Mode Options.
You can set a filter to ignore specific error types and codes. In the Error Filter section, you can filter out certain user-configurable errors. For example, DNS errors could be filtered out based on who is responsible for DNS server operations. You can create filters that will ignore specific errors that you know may occur and are not relevant to the goal of a specific device.
In addition, you can set up the system to ignore a range of error codes using a dash, or multiple error codes using semicolons as a separator.